[pkg-horde] Bug#383416: horde3: 3.0.11 fixes XSS issues is CVE-2006-4255/CVE-2006-4256

Stefan Fritsch sf at sfritsch.de
Sat Aug 26 20:49:32 UTC 2006

These issues have been assigned CVE-2006-4255/CVE-2006-4256:

Cross-site scripting (XSS) vulnerability in horde/imp/search.php in
Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary
web script or HTML via multiple unspecified vectors related to folder
names, as injected into the vfolder_label form field in the IMP search

index.php in Horde Application Framework before 3.1.2 allows remote
attackers to include web pages from other sites, which could be useful
for phishing attacks, via a URL in the url parameter, aka "cross-site
referencing." NOTE: some sources have referred to this issue as XSS,
but it is different than classic XSS.

Please mention the CVE-ids in the changelog.
